This article was about a breach involving a group of six high school students who were able to access their school’s StudentsAchieve Program to alter each of their attendance records. The StudentsAchieve Program is a “comprehensive classroom technology” that allows the teachers at Summerside High School to upload grades, assignments, and attendance records on a real time basis. Initially, the staff at Summerside believed there was just a glitch in the program when they noticed a discrepancy between the information entered and the information reflected in the system. Upon further investigation, it was discovered that only the attendance records of the six students in question had been changed. The students have been punished, but it is uncertain as to what extent.
Analysis:
This breach is entirely centered upon access controls. The students were able to enter the system from a computer outside the school by using an administrator’s access code. Thus, these students likely found a teacher or staff member’s password exposed in an unsecure place or simply guessed the password because it was extremely simple or obvious. In order to prevent a breach like this from happening in the future, the school’s staff should make sure to change their passwords frequently and choose passwords that have strong security levels. Moreover, the school should require that additional security questions are answered before logging in, especially if it is determined that the login is being attempted outside the school.
Article: Six Students ‘disciplined’ in Connection with TOSH Security Breach
http://www.journalpioneer.com/News/Local/2013-04-08/article-3216120/Six-students-%26lsquodisciplined%26rsquo-in-connection-with-TOSH-security-breach/1
Summary:
This article was about a breach involving a group of six high school students who were able to access their school’s StudentsAchieve Program to alter each of their attendance records. The StudentsAchieve Program is a “comprehensive classroom technology” that allows the teachers at Summerside High School to upload grades, assignments, and attendance records on a real time basis. Initially, the staff at Summerside believed there was just a glitch in the program when they noticed a discrepancy between the information entered and the information reflected in the system. Upon further investigation, it was discovered that only the attendance records of the six students in question had been changed. The students have been punished, but it is uncertain as to what extent.
Analysis:
This breach is entirely centered upon access controls. The students were able to enter the system from a computer outside the school by using an administrator’s access code. Thus, these students likely found a teacher or staff member’s password exposed in an unsecure place or simply guessed the password because it was extremely simple or obvious. In order to prevent a breach like this from happening in the future, the school’s staff should make sure to change their passwords frequently and choose passwords that have strong security levels. Moreover, the school should require that additional security questions are answered before logging in, especially if it is determined that the login is being attempted outside the school.